Automated user migration and management of AWS Identity and Access Management (IAM) resources
The goal here is to migrate users in an automated way and to manage AWS IAM (Identity and Access Management) resources.
It is based on a real-world scenario in which more than 100 users needed to be migrated, following the security best practice of having Multi-factor authentication (MFA) enabled on their accounts.
To avoid repetitive manual tasks in the AWS console, I think it is better to implement this in an automated way.
Git Bash with the AWS CLI and a shell script makes it possible to migrate the users efficiently.
To make this happen, follow the steps below.
1. Create a spreadsheet/CSV file that contains the user information: the user name, the user group the user belongs to, and the password. Save it as users.csv.
2. Log into the AWS console, navigate to the IAM service, create the user groups named in the CSV file and attach the permission policies desired for each group, for example CloudAdmin with AdministratorAccess and IAMUserChangePassword.
Similarly for the other groups:
DBA: AmazonRDSFullAccess, IAMUserChangePassword
LinuxAdmin: AmazonEC2FullAccess, IAMUserChangePassword
NetworkAdmin: AmazonVPCFullAccess, IAMUserChangePassword
Trainees: ReadOnlyAccess, IAMUserChangePassword
3. Run the automation script in AWS CloudShell as shown below. For each row it creates the user, creates the login profile and adds the user to its group (create-user, create-login-profile, add-user-to-group).
Navigate to Users under the IAM service and confirm that the users were created and added to the groups with their respective permission policies.
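The automation script itself is not reproduced on this page. The following is an added example of such a script, not the author's; it assumes the CSV layout `username,group,password` with a header row (as in step 1), that the groups from step 2 already exist, and that the AWS CLI is configured with credentials allowed to create users. The `AWS_CLI` variable and the user-name check are additions for this example.

```shell
#!/bin/sh
# Added example (not the article's script): bulk-create IAM users from users.csv.
# Assumed CSV layout: a header row, then one user per line as
#   username,group,password
# AWS_CLI defaults to "aws"; set AWS_CLI=echo for a dry run that only prints
# the commands that would be executed.
set -eu

AWS_CLI="${AWS_CLI:-aws}"

# IAM user names may contain letters, digits and + = , . @ _ - (max 64 chars);
# reject anything else before it reaches the CLI.
valid_username() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+=,.@_-]{1,64}$'
}

# Create one user, its console login profile and its group membership.
migrate_user() {
  user="$1"; group="$2"; password="$3"
  if ! valid_username "$user"; then
    echo "skipping invalid user name: $user" >&2
    return 1
  fi
  # Re-running the script must not abort on users created by an earlier run.
  if ! out=$("$AWS_CLI" iam create-user --user-name "$user" 2>&1); then
    case "$out" in
      *EntityAlreadyExists*) echo "user $user already exists, continuing" >&2 ;;
      *) echo "$out" >&2; return 1 ;;
    esac
  else
    echo "$out"
  fi
  # Temporary console password; --password-reset-required forces a change at
  # first sign-in, which is why every group also carries IAMUserChangePassword.
  "$AWS_CLI" iam create-login-profile --user-name "$user" \
    --password "$password" --password-reset-required
  "$AWS_CLI" iam add-user-to-group --user-name "$user" --group-name "$group"
}

# Walk the CSV: header skipped, CR from Windows editors stripped, blank lines
# ignored. Returns non-zero if any row failed, so a CI job can flag it.
migrate_users() {
  csv="$1"; n=0; failures=0
  while IFS=, read -r user group password || [ -n "$user" ]; do
    n=$((n + 1))
    [ "$n" -eq 1 ] && continue          # header row
    [ -z "$user" ] && continue          # blank line
    migrate_user "$user" "$group" "$password" || failures=$((failures + 1))
  done <<EOF
$(tr -d '\r' < "$csv")
EOF
  echo "done: $failures failure(s)" >&2
  [ "$failures" -eq 0 ]
}

# Usage: sh migrate_users.sh users.csv   (in CloudShell or Git Bash)
[ $# -eq 0 ] || migrate_users "$1"
```

Run it as `sh migrate_users.sh users.csv`; `AWS_CLI=echo sh migrate_users.sh users.csv` prints the commands without touching the account. Because the temporary password is passed as a command-line argument, it is briefly visible in the process list, so run the script from a file rather than retyping the commands in an interactive shell, and delete users.csv once the migration is verified.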
Further, one can create custom policies for these users that enforce Multi-factor Authentication with an authenticator app, as per security best practice.
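The article does not show such a policy. The following is an added example, not the author's: a script that creates a customer managed policy allowing each user to set up their own virtual MFA device and change their password, while denying every other action until the session is MFA-authenticated, and attaches it to the five groups from step 2. The statement layout follows the self-service MFA pattern AWS documents; the policy name `ForceMFA` and the `AWS_CLI` variable are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the article): enforce MFA for the migrated groups.
# Assumed names: policy "ForceMFA", groups as listed in step 2.
set -eu

AWS_CLI="${AWS_CLI:-aws}"
POLICY_NAME="${POLICY_NAME:-ForceMFA}"
GROUPS_TO_ATTACH="CloudAdmin DBA LinuxAdmin NetworkAdmin Trainees"

# Emit the policy document. "BoolIfExists" matters: aws:MultiFactorAuthPresent
# is absent (not "false") for requests signed with long-term access keys, so a
# plain "Bool" test would silently let those requests through.
# The quoted heredoc keeps ${aws:username} literal for IAM to substitute.
force_mfa_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowViewAccountInfo",
      "Effect": "Allow",
      "Action": ["iam:GetAccountPasswordPolicy", "iam:ListVirtualMFADevices"],
      "Resource": "*"
    },
    {
      "Sid": "AllowManageOwnPassword",
      "Effect": "Allow",
      "Action": ["iam:ChangePassword", "iam:GetUser"],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    },
    {
      "Sid": "AllowManageOwnVirtualMFADevice",
      "Effect": "Allow",
      "Action": ["iam:CreateVirtualMFADevice"],
      "Resource": "arn:aws:iam::*:mfa/*"
    },
    {
      "Sid": "AllowManageOwnUserMFA",
      "Effect": "Allow",
      "Action": ["iam:EnableMFADevice", "iam:ListMFADevices", "iam:ResyncMFADevice"],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    },
    {
      "Sid": "DenyAllExceptListedIfNoMFA",
      "Effect": "Deny",
      "NotAction": [
        "iam:ChangePassword",
        "iam:GetUser",
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:GetAccountPasswordPolicy",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ResyncMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": { "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" } }
    }
  ]
}
EOF
}

# Create the policy once and attach it to every group. Explicit Deny wins over
# any Allow, so it also constrains CloudAdmin despite AdministratorAccess.
apply_force_mfa() {
  doc=$(mktemp)
  force_mfa_policy > "$doc"
  arn=$("$AWS_CLI" iam create-policy --policy-name "$POLICY_NAME" \
        --policy-document "file://$doc" --query 'Policy.Arn' --output text)
  for g in $GROUPS_TO_ATTACH; do
    "$AWS_CLI" iam attach-group-policy --group-name "$g" --policy-arn "$arn"
  done
  rm -f "$doc"
  echo "attached $arn to: $GROUPS_TO_ATTACH"
}

# Usage: sh force_mfa.sh apply   (argument guards against accidental runs)
[ "${1:-}" = "apply" ] && apply_force_mfa
```

Note that iam:DeactivateMFADevice is deliberately absent from the NotAction list, so a user cannot remove their own MFA device from a session that is not MFA-authenticated. After the policy is attached, each user signs in with the temporary password, changes it, registers a virtual MFA device and signs in again before any other action is allowed; CLI users with access keys must obtain an MFA-backed session via sts:GetSessionToken.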